1.1. Password security


Passwords protect many devices and services: unlocking a phone or a computer, logging in to Wi-Fi or your e-mail, even encrypting your data. A strong password is the easiest step toward protecting your data, and a major one. The more frequently you change your password, the better protected you are. Change the password for your devices or messaging accounts at least every three months. The password of your Wi-Fi router should be changed twice a year. For any other function, change the password at least once a year.

Some advice on creating a strong password:

  • Use different passwords for each account
  • Never use a word that can be found in a dictionary
  • Never use names or birth dates of family members, friends or pets
  • Aim for longer passwords; a strong one has about 15 characters
  • Include random lowercase and capital letters, special characters and numbers

Most people have difficulty remembering complicated passwords. An alternative is to use coded passphrases like: WIw8,mlbtmcitt (‘When I was eight, my little brother threw my cat in the toilet’).

There are various websites that test your password and indicate how long a regular home computer or a very fast supercomputer would need to crack it. One such website is password.kaspersky.com. Entering your real password on sites like these opens you up to security risks, so check the strength of one that is similar to it.

If you cannot remember every password for all your accounts, use apps like “KeePass” (keepass.info) or “Safe in Cloud” (safe-in-cloud.com). They store your passwords safely, encrypt the information and are accessible only after entering a (very strong) master password. These tools usually include a password generator, too. You will also find similar tools in your phone’s app store.

Aside from password storage and protection, the use of one-time passwords (OTP) is highly recommended. Each of these passwords is valid for only one session and is used in addition to a standard password, a combination also known as 2-factor authentication (2FA). The OTP is sent via text message, generated by a smartphone app like “Google Authenticator” (Android/iOS), “Authenticator Plus” (Android) or “2STP Authenticator” (iOS), or produced by a special token. Many services like Facebook, Gmail or Twitter offer OTP. Some alternative email service providers (e.g., mailbox.org) offer 2-factor authentication as well. A frequently updated list of services with OTPs can be found at: twofactorauth.org.